1
Tabasco
Big Time Hackers
  • 2005/10/9 14:16

  • Tabasco

  • Quite a regular

  • Posts: 203

  • Since: 2003/12/26


Is anybody here familiar with the g00ns? They are big time hackers. They are normally hacking game sites. Here's a list of sites they have taken down:

http://www.zone-h.org/en/defacements/filter/filter_defacer=g00ns/

We are a member of a group called Respected Admins, a site they (the g00ns) recently hacked, and they are threatening to take our site down now. Here's an email we received from them:

please note that J_Dizzle from http://www.g00ns.net has come to own you all. I chose not to delete content for this defacement, and rather just send a message. Respected Admins is directly responsible for this attack, and Red Hour will be my next target if Respected Admins refuse to step down from their pride horse and admit defeat.

Please take your anger out on our forums at http://www.g00ns-forum.net and our TeamSpeak server too!


A member of Respected Admins is a police officer, and reported the hacking of the Respected Admins site to the FBI.

Are there any additional programs I should add to our XOOPS site running 2.0.13.1 to prevent hacking?

2
erzon
Re: Big Time Hackers
  • 2005/10/9 14:25

  • erzon

  • Quite a regular

  • Posts: 211

  • Since: 2005/1/1 3


Suggest that you should update all patches for your XOOPS.

3
m0nty
Re: Big Time Hackers
  • 2005/10/9 15:21

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


bit hard unless you know how they are defeating the security.

protector module will help!! you should be able to find it using search.

failing that, it may be worth doing as they said in the email and going to their forum, but don't get angry.. literally ask them how they compromised your site!! they ain't gonna tell you nothin if you go in guns blazing.

a lot of these crackers will eventually tell you how they are breaking in.. of course some won't..

4
erzon
Re: Big Time Hackers
  • 2005/10/9 18:09

  • erzon

  • Quite a regular

  • Posts: 211

  • Since: 2005/1/1 3


but monty do you think they can really hack the xoops?

5
linuxdude
Re: Big Time Hackers
  • 2005/10/9 18:27

  • linuxdude

  • Just popping in

  • Posts: 3

  • Since: 2005/10/8


One simple thing could be to use a .htaccess file to block IP addresses from accessing your XOOPS.

I have good experiences with that, when I blocked out the whole IP series for Brazil and Uruguay (lots of script kiddies there!)

Ciao !

6
Herko
Re: Big Time Hackers
  • 2005/10/9 18:27

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


It is possible they find and use a security hole in XOOPS, but XOOPS is one of the most secure systems out there. The hackers will try to hack into the server tho, and not through XOOPS. Once they gained server access, they can do a lot more damage than just adding a few pages to your XOOPS site...

My suggestion: change all account passwords, review all accounts and statuses, close everything you don't use. It's harsh, but under threat you need to take desperate measures.

Herko

7
pegasus00321
Re: Big Time Hackers

Nothing is completely secure, not even XOOPS. But it's pretty close. It would be great to have a security professional look at 2.2.x before it is released.

But also, just remember that it's not always XOOPS itself that's exploited, you have modules installed. I'm sure there's an exploit here and there in CBB, Newbb, or other modules.
Pegasus00321



8
Tabasco
Re: Big Time Hackers
  • 2005/10/9 19:29

  • Tabasco

  • Quite a regular

  • Posts: 203

  • Since: 2003/12/26


I've shut off new user registration. One of the g00ns tried to register at my site.

I have very little exposed to non registered users

I let my web host know about the threat, and they are monitoring it closely and did an offsite backup also.

I have a current backup of the domain and the MySQL

I think I am about as secure as I can be.

9
linuxdude
Re: Big Time Hackers
  • 2005/10/9 19:38

  • linuxdude

  • Just popping in

  • Posts: 3

  • Since: 2005/10/8


Here is what i would do:

1. Remove all un-needed modules. Especially all modules that have the possibility to add some content (like: fileupload modules, gallery etc)

2. Walk through your files+folders and do a proper chmod

3. Read all your logfiles (httpd, xoops) frequently

4. Search for any exploits on your os/software/modules/system/etc and be a step ahead of any intruders

5. Password checks (remove accounts with short passwords)

6. If you host the system: check your firewall rules/logs

7. If you host the system: Add a security module to apache - here is a nice one: http://www.modsecurity.org/

8. Add .htaccess files to prevent access to special folders.

9. If you host the system: Block IP addresses in your firewall

10. If you host the system: Remove un-needed services and only accept http traffic to the system.

11. Set up a honey-trap and collect evidence/logs


And remember....they will read this too...
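
Steps 1 and 2 of the checklist above can be turned into a repeatable check. The script below is an added example, not part of linuxdude's post or of XOOPS itself: it assumes the default XOOPS 2.0.x layout in which `uploads/`, `cache/` and `templates_c/` are the only directories the web server must write to, and the function names `audit_webroot` and `make_sample_tree` are hypothetical.

```shell
#!/bin/sh
# Added example: permission audit for a XOOPS 2.0.x web root.
# Assumption: default layout, where uploads/, cache/ and templates_c/
# are the only directories the web server needs to write to.

audit_webroot() {
    root=$1
    # 1. mainfile.php holds the database credentials; after installation
    #    it should carry no write bit for anyone (for example mode 444).
    if [ -f "$root/mainfile.php" ] && [ -n "$(find "$root/mainfile.php" \
            \( -perm -200 -o -perm -020 -o -perm -002 \))" ]; then
        echo "MAINFILE_WRITABLE $root/mainfile.php"
    fi
    # 2. Anything world-writable outside the three expected directories.
    find "$root" \( -path "$root/uploads" -o -path "$root/cache" \
            -o -path "$root/templates_c" \) -prune \
        -o \( -type f -o -type d \) -perm -002 -print |
        sed 's/^/WORLD_WRITABLE /'
    # 3. Scripts sitting in the upload area, where only media belongs.
    if [ -d "$root/uploads" ]; then
        find "$root/uploads" -type f \( -name '*.php' -o -name '*.php[0-9]' \
            -o -name '*.phtml' \) -print | sed 's/^/SCRIPT_IN_UPLOADS /'
    fi
}

# Constructed sample tree so the audit can be tried offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/uploads" "$t/cache" "$t/templates_c" "$t/modules/news"
    echo '<?php // config' > "$t/mainfile.php"
    echo '<?php // module' > "$t/modules/news/index.php"
    echo 'gif'             > "$t/uploads/logo.gif"
    echo '<?php // stray'  > "$t/uploads/avatar.php"
    chmod 644 "$t/mainfile.php"               # still writable by its owner
    chmod 777 "$t/uploads" "$t/cache" "$t/templates_c"
    chmod 666 "$t/modules/news/index.php"     # world-writable module file
    chmod 755 "$t" "$t/modules" "$t/modules/news"
    echo "$t"
}

# Usage: sh audit.sh /path/to/xoops/htdocs
if [ "${1:-}" != "" ]; then audit_webroot "$1"; fi
```

An empty result means none of the three conditions was found; each finding is one line that can be diffed between runs or mailed from cron.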

10
Tabasco
Re: Big Time Hackers
  • 2005/10/12 18:59

  • Tabasco

  • Quite a regular

  • Posts: 203

  • Since: 2003/12/26


Some good news. The g00ns webpage and teamspeak was closed

Some bad news. They are still active. They just took another site down:

http://www.zone-h.org/en/defacements/filter/filter_defacer=g00ns/

One thing I seemed to notice, is that they seem to target phpBB the most, but maybe it's because nuke is so popular with gaming clans. A lot had been running phpBB ver 2.0.11. The latest version of phpBB is 2.0.17

Our Police contact at Respected Admins was in contact again today with the FBI about them.

Tabby
